Which of the following activities would compromise the independence of the internal audit activity and therefore should not be performed by an internal auditor?
A.
Championing the establishment of organization-wide risk management.
Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 1110 - Organizational Independence: Internal audit must be independent of the activities it audits to maintain objectivity.
Standard 1130 - Impairment to Independence or Objectivity: Internal audit’s independence is compromised if auditors take on roles that involve making decisions or implementing controls, as this may bias their findings.
Reasoning:
Option B is correct because setting the organization’s risk appetite is a management decision and represents a strategic role that compromises the internal audit's independence.
Option A (championing the establishment of risk management) and Option C (coordinating risk management) do not directly impair independence, though care should be taken to avoid direct involvement in risk management decisions. These activities can be part of advisory services and not necessarily a threat to independence if appropriately managed.
Maintaining Independence:
Internal auditors should provide assurance on risk management but not take on roles that involve decision-making or implementing risk management processes.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit